How To: Set AD Password using java – IC5.5 self service

this time again some coding stuff … but I thought this might be interesting, as this belongs to an application we`re using to create users for IBM Connections.

This application is called UserManager. It offers an easy way to create external / internal users as well as self service capabilities.

Changing passwords is an easy task when using SDS or Domino as directory where your IBM Connections Accounts are stored. This is NOT the case when using MS AD… Changing a password using a programmatic way or let`s say using the LDAP protocol has the following prerequisites that I was not aware of before:

Changing passwords is only possible if you connect via ldaps – port 636 to AD!

The password is stored as an attribute called “userPassword” – but this is only a link of the attribute “unicodePwd”. –> If you simply change the attribute userPassword.. nothing will happen and you are not able to login!

The change operation has to be done using the unicodePwd attribute – but only using a special procedure (encoding)

If you want to change the password of an AD account from your java code proceed like this: